Tag Archives: Apple

I’m following the story of Apple blocking CryptoPro products due to US sanctions

Leave a reply

I'm following the story of Apple blocking CryptoPro products due to US sanctions

I’m following the story of Apple blocking CryptoPro products due to US sanctions.

“Apple has blocked our applications from the AppStore and revoked the code signing certificate for products for MacOS operating systems.”

The CryptoPro company has released new versions of distributions and instructions for installing CryptoPro CSP, Chromium GOST and Ngate client. This way they were able to restore the products to work on MacOS. For how long? We’ll see.

“The accessibility issue for our iOS apps is in the process of being resolved.”

I see positive aspects in Apple blocking products of Russian developers. This is another hint to Russian companies and organizations that there is no need to make corporate purchases of Apple products and it will bring nothing but problems.

Microsoft may take up similar blocking measures. So in the medium term there are no alternatives to Russian Linux distributions. 🤷‍♂️

На русском

Last Week’s Security News: Black Hat Pwnie Awards, iPhone Checks Photos, Evil Windows Print Server, Cisco VPN Routers Takeovers

Leave a reply

Last Week’s Security News: Black Hat Pwnie Awards, iPhone Checks Photos, Evil Windows Print Server, Cisco VPN Routers Takeovers. Hello everyone! Last Week’s Security News, August 1 – August 8.

Black Hat Pwnie Awards

Last week was more quiet than normal with Black Hat USA and DEF CON security conferences. I would like to start with the Pwnie Awards, which are held annually at Black Hat. It’s like an Oscar or Tony in the information security world. Pwnie Awards recognizes both excellence and incompetence. And, in general, is a very respectable, adequate and fun event.

There were 10 nominations. I will note a few.

  • Firstly 2 nominations, which were received by the guys from Qualys.
    Best Privilege Escalation Bug: Baron Samedit, a 10-year-old exploit in sudo.
    Most Under-Hyped Research: 21Nails, 21 vulnerabilities in Exim, the Internet’s most popular mail server.
  • Best Server-Side Bug: Orange Tsai, for his Microsoft Exchange Server ProxyLogon attack surface discoveries.
  • Most Epic Fail: Microsoft, for their failure to fix PrintNightmare.
  • Best Song: The Ransomware Song by Forrest Brazeal

Continue reading

AVLEONOV Podcast

Leave a reply

AVLEONOV Podcast. I finally launched my own podcast! These are the audio tracks from my videos with some minimal changes, but it may be more convenient for someone to follow me this way. You can try to find my podcast in your podcast player by searching for “avleonov” (well, at least it works in Podcast Addict) or add it with the direct URL https://avleonov.com/podcast/feed.xml.

AVLEONOV Podcast

And here is what I recently learned about podcasting.

Continue reading

Vulnerability Quadrants

8 Replies

Vulnerability Quadrants. Hi everyone! Today I would like talk about software vulnerabilities. How to find really interesting vulnerabilities in the overall CVE flow. And how to do it automatically.

Vulnerability Quadrant

First of all, let’s talk why we may ever need to analyze software vulnerabilities? How people usually do their Vulnerability Management and Vulnerability Intelligence?

VM strategies

  • Some people have a Vulnerability scanner, scan infrastructure with it, patch founded vulnerabilities and think that this will be enough.
  • Some people pay attention to the vulnerabilities that are widely covered by media.
  • Some people use vulnerability databases and search for the most critical vulnerabilities by some criteria.

Each of these ways have some advantages and some disadvantages.

Continue reading